CVE-2024-55963 Information

Description

An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn’t have admin permissions can trigger the restart API on Appsmith causing a server restart. This is still within the Appsmith container and the impact is limited to Appsmith’s own server only but there is a denial of service because it can be continually restarted. This is due to incorrect access control checks which should check for super user permissions on the incoming request.

Reference

https://github.com/appsmithorg/appsmith/security/advisories/GHSA-6mc8-hw5c-7qqr